Tuesday, July 08, 2014

More XKeyScore code

In a recent post, I mentioned that the XKeyScore code revealed by Jacob Appelbaum looks weird. I'm guessing that instead of actual source, it's just snippets copied from PowerPoint presentations and PDF manuals. Twitter user @nin_99 pointed out today that a previous Snowden leak had (accidentally) revealed similar XKeyScore code.

Back on January 17, 2014, the New York Times reported on how the NSA was eavesdropping on data from cell phone apps. In redacting the document (protecting sources and methods), the NYTimes made a common redaction mistake, covering the critical bits instead of removing them. That meant anybody doing a simple copy-and-paste could retrieve the "redacted" text. One of those slides contained XKeyScore source code similar to other code recently released.

The slide in question looked like the following:

Doing a copy-and-paste on the text underneath the black bar reveals the following code:

fingerprint('image/exif/gpsCoordinates') =
    file_ext('jpeg' or 'pjpeg' or 'jpg' or 'pjpg' or 'tiff' or 'gif' or 'png' or 'riff' or 'wav') and
    'exif:GPSLatitude' or 'exif:GPSLongitude' or 'exif:GPSDestLatitude' or 'exif:GPSDestLongitude';

You can do this yourself. Click on this file. When it downloads, open it. On Windows, hit control-A to select all the text, then control-C to copy it. Open Notepad and hit control-V to paste. In the text, you'll see this source code -- though it's hidden under a black bar in the PDF file.
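The same mistake can be caught before a redacted PDF is published. The following is an added example, not code from the original post or from the NYTimes document: a check that reads a PDF's content streams and reports any text whose position falls under a filled rectangle. It assumes simple `Td`/`Tj` text operators and untransformed coordinates, and the sample PDF and its strings are constructed for illustration.

```python
import re
import zlib

# Constructed page content: a caption, a line meant to be redacted,
# and a black rectangle painted over that line (the text is still there).
SAMPLE_CONTENT = b"""BT /F1 12 Tf 72 700 Td (Slide caption) Tj ET
BT /F1 12 Tf 72 650 Td (text that was meant to be removed) Tj ET
0 0 0 rg
70 645 300 18 re f
"""

def build_sample_pdf(content: bytes, compress: bool = True) -> bytes:
    """Wrap a content stream in just enough PDF syntax for this scanner."""
    body = zlib.compress(content) if compress else content
    filt = b"/Filter /FlateDecode " if compress else b""
    head = b"%PDF-1.4\n4 0 obj\n<< " + filt + b"/Length %d >>\n" % len(body)
    return head + b"stream\n" + body + b"\nendstream\nendobj\n%%EOF\n"

NUM = rb"(-?\d+(?:\.\d+)?)"
# "x y Td (string) Tj": position the text cursor, then show a string.
TEXT_RE = re.compile(NUM + rb"\s+" + NUM + rb"\s+Td\s*\(((?:\\.|[^\\)])*)\)\s*Tj")
# "x y w h re f": add a rectangle to the path, then fill it.
RECT_RE = re.compile(rb"\s+".join([NUM] * 4) + rb"\s+re\s+[fFB]")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def content_streams(pdf: bytes):
    """Yield each stream body, inflated when it is Flate-compressed."""
    for m in STREAM_RE.finditer(pdf):
        raw = m.group(1)
        try:
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw  # not compressed: use the bytes as they are

def covered_text(pdf: bytes) -> list:
    """Strings still in the text layer whose origin sits under a filled box."""
    hits = []
    for stream in content_streams(pdf):
        rects = [tuple(map(float, m.groups())) for m in RECT_RE.finditer(stream)]
        for m in TEXT_RE.finditer(stream):
            tx, ty = float(m.group(1)), float(m.group(2))
            if any(x <= tx <= x + w and y <= ty <= y + h for x, y, w, h in rects):
                hits.append(m.group(3).decode("latin-1"))
    return hits

if __name__ == "__main__":
    for text in covered_text(build_sample_pdf(SAMPLE_CONTENT)):
        print("still extractable under a filled box:", text)
```

An empty result from this check only covers the simple operators it parses; a document is safely redacted when the sensitive text is deleted from the file, not when a box is drawn on top of it.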

This example gives weight to my suspicions that the original story about Tor and TAILS wasn't derived from actual source code, but pieced together from PowerPoints/PDFs.

This example disproves the assertion that "NSA targets Tor users for being extremists". By that logic, this code "targets photographers for being extremists".